● Build “inroads” for additional services
    Take care of the end user network
● Remote access for yourself (DUH!)
● Secure transmissions
    Has YOUR password been sniffed while you've been here?
    HIPAA, Banking/Finance
● Even if the LAW does not require this, wireless is misunderstood and this allows you to say ALL transmissions are encrypted (at least to the wired segment)
Why VPN? (More reasons)
● Routing interfaces
    DST-NAT cannot “redirect” a packet out the same interface it came in on
● Firewall simplification
    Set up PPtP to your border
    Allow connections to your routers from the PPtP IP space only
    This allows your INPUT chain to be duplicated without modification
● Other “special use applications”?
    What can YOU think of?
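Added example (not from the original slides): a small Python audit for the “Firewall simplification” point above. It reads a RouterOS `/ip firewall filter export` and flags any input-chain accept rule that admits sources outside the PPtP address space. The sample export and the 10.99.0.0/24 pool are constructed placeholders, and it assumes one rule per line.

```python
import ipaddress
import shlex

# Constructed sample of `/ip firewall filter export` output; addresses are
# placeholders (10.99.0.0/24 stands in for the PPtP address pool).
SAMPLE_EXPORT = """\
/ip firewall filter
add chain=input action=accept connection-state=established,related
add chain=input action=accept src-address=10.99.0.0/24 comment="mgmt via PPtP"
add chain=input action=accept protocol=tcp dst-port=8291 comment="from anywhere"
add chain=forward action=accept
add chain=input action=drop
"""

def parse_rules(export_text):
    """Turn each `add key=value ...` line into a dict of its parameters."""
    rules = []
    for line in export_text.splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def audit_input_chain(export_text, vpn_net):
    """Return findings for input-chain rules that admit non-VPN sources."""
    vpn = ipaddress.ip_network(vpn_net)
    findings = []
    input_rules = [r for r in parse_rules(export_text) if r.get("chain") == "input"]
    for n, rule in enumerate(input_rules, 1):
        if rule.get("action", "accept") != "accept":
            continue
        states = set(filter(None, rule.get("connection-state", "").split(",")))
        if states and states <= {"established", "related"}:
            continue  # replies to connections the router already allowed
        src = rule.get("src-address")
        try:
            inside = src is not None and ipaddress.ip_network(src, strict=False).subnet_of(vpn)
        except ValueError:
            inside = False  # ranges or negated matches: flag for manual review
        if not inside:
            findings.append(f"input rule {n}: accepts from outside {vpn}: {rule}")
    if not input_rules or input_rules[-1].get("action") != "drop":
        findings.append("input chain does not end with a drop rule")
    return findings
```

Because every router carries the same input chain, the same audit with the same `vpn_net` can be run against each router's export.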
Making Money with VPN
● Existing Customers
    Home Users have a business
    Business Users have a home
● VPN allows for a “Home Office”
    Business expense
● Gets you “inside” the network
    Service revenue – As much or as little as you want
    YOU are the expert
Which VPN is right? - IPSEC
● IPSEC
    Used for highly sensitive information
        ● HIPAA/Medical
        ● Financial
    Creates a tunnel between 2 networks (typically)
    “Routing” is done via policies
    Not guaranteed to work behind a NAT router
    Configuration
        ● /ip ipsec
        ● You must turn off Masquerading/NAT
Which VPN is right? - PPtP/L2TP
● Encrypted
● Quick and very easy setup
● Routed (creates an interface for routing)
    This is very useful if you need to “redirect” (dst-nat)
● Easy to use for remote users
    Looks like a “dialup” connection
Which VPN is right? - EoIP
● This is NOT an encrypted tunnel
● Quick and very easy setup
● Bridged network
    Can bridge IPX and other protocols
● Transparent to users
● This is a MikroTik proprietary tunnel
Which VPN is right? - IPIP
● This is NOT an encrypted tunnel
● Quick and very easy setup
● Routed
    Creates an interface for routing
● Standardized protocol (RFC 2003 compliant)
● Transparent to users